Breadcrumb

Yahoo and Popup UI for OpenID: Aligning the Experience Across OPs

In the evolution of OpenID, one of the remaining core challenges is a clear, friendly, consistent user experience. The original UI proposal for OpenID was simple, and generic: the user entered their OpenID URL into a text box and hit “Submit”. That worked, and still works, but has proven inadequate for a number of reasons, not the least of which being that many users do not know what their OpenID URL is when they land on an OpenID Sign In page.

In the last couple of years, the “popup UI” has been developed as an improved user experience for signing in. Facebook Connect, for example, provides a window that pops up over the relying party’s page, and accepts credentials which get used to authenticate the user before the popup closes and the user is returned to the relying party page, now refreshed with user particulars if the authentication was successful. That was (originally) a non-OpenID implementation, but that workflow has been implemented by OpenID providers, too; last spring Google announced support for the OpenID User Interface Extension (aka “popup UI”), and JanRain’s RPX has supported Google popup UI since it came out.

Last week, Yahoo! announced support for popup UI as well. Relying parties can now take advantage of the improved user experience with the popup sign-in window for Yahoo! customers. RPX, of course, makes support for such improvements easy and automatic — RPX-enabled websites don’t need to change anything, as the these features are managed by RPX.

This is another step forward, but if you take some time to experiment with the different provider sign ins at an RPX-enabled site (try RPXnow.com or uservoice.com, for example), the sign in experiences are still mostly “page jumps”, redirects from the relying party page to the provider’s sign in page. This workflow is effective, too — it gets the job done — but lots of experience and user testing has shown this to be confusing, alarming even, for users, unsure of what just happened. It seems a small detail, providing a popup dialog versus a full page load, but this is an important detail in the ergonomics of sign in.

There are ways to “do your own popup UI”, of course. See this post from Facebook’s Luke Shepard for an example of how to wrap provider sign in pages in your own javascript-managed popup, or take a look at this appspot demo that uses OpenID User Interface Extension to provide sign ins without refreshing or leaving the page.

One of the imperatives for the marketplace success of OpenID and user-centric identity is to make a lot of this complexity transparent. Recommendations like Shepard’s are a good step forward from a “do it from scratch” approach for relying parties that want to support optimal sign in experiences for their users. But the best path to broad adoption and user conditioning for this UI is through active support for the major providers for the popup UI experience. With support for popup UI from the major identity providers, relying parties can deliver a consistent, clear process for users without a lot of development hassle.

Websites using RPX won’t need to do anything to take advantage of these improvements as they get deployed. The RPX service manages the workflow, and Yahoo! sign ins, which used to be “page loads”, will be “popups” for the user, with no work needed by the relying party to make it happen.